Arrays Reasoning in MCSat

Arrays Reasoning in MCSat AhmedIrfan ahmed.irfan@sri.com SRI International

333 Ravenswood Ave 94025 Menlo Park CA USA

StéphaneGraham-Lengrand stephane.graham-lengrand@sri.com SRI International

333 Ravenswood Ave 94025 Menlo Park CA USA

Arrays Reasoning in MCSat 1613-0073 E031BB8ACBC4DF7EE7EEA75869B09918 GROBID - A machine learning software for extracting information from scholarly documents

In this paper, we present the support for the (extensional) theory of arrays in the MCSat scheme for SMT solving. We describe its implementation in the (MCSat component of) the Yices2 SMT-solver, allowing Yices2 to solve, for the first time, benchmarks that combine arrays with nonlinear arithmetic. Our experimental results show that this implementation outperforms other state-of-the-art SMT solvers when solving such benchmarks (QF_ANIA + QF_AUFNIA), and also demonstrates decent performance on other SMT logics that involve arrays.

Introduction

A key mathematical concept in the modeling of both software and hardware systems is the concept of (persistent) arrays. For example, arrays are used to model (mutable) array data structure or the memory heap (e.g., Frama-C tool for C) for program analysis [1,2,3,4,5], as well as memories [6,7,8] for hardware design verification. Efficient methods for reasoning about arrays are essential for analyzing and understanding software and hardware.

Dedicated methods for array reasoning are typically found in Satisfiability Modulo Theories (SMT) solvers, which provide the automated reasoning capabilities of numerous formal methods toolchains. These solvers check the satisfiability of a first-order formula in some background theory 𝒯 (or combination of theories). If the formula is true in some model of the theory(ies), it is said to be satisfiable (SAT). If not, it is said to be unsatisfiable (UNSAT). While most SMT solvers traditionally follow the CDCL(𝒯) [9] scheme for solving (i.e., deciding) such satisfiability problems, the Model-Constructing Satisfiability (MCSat) [10] scheme offers a deeper integration of Boolean and theory reasoning that has proved particularly successful for nonlinear arithmetic. MCSat also offers a new explanation functionality generalizing unsat cores to theory reasoning, which provides new algorithms for interpolation [11] and quantifier-supporting reasoning [12].

Yices2 is a state-of-the-art SMT-solver that implements both the CDCL(𝒯) and MCSat schemes, in two distinct (sub-)solvers. Nonlinear arithmetic is only supported in the MCSat-based solver, which does offer the aforementioned explanation and interpolation functionalities for all of the theories it supports. Until recently, these theories did not include the theory of arrays, which was only supported in the CDCL(𝒯)-based solver. More generally and to the best of our knowledge, no SMT-solver has been supporting arrays in the MCSat approach. Hence, even if a solver uses an MCSat-like procedure to reason about nonlinear arithmetic (e.g., cvc5 [13], Z3 [14]), the nonlinear arithmetic reasoner interacts with the rest of the solver via a traditional theory combination scheme (typically a variant of the Nelson-Oppen scheme [15]) when trying to solve benchmarks involving both arrays and nonlinear constraints (e.g., benchmarks for the SMT logics QF_ANIA and QF_AUFNIA). Yices2 itself did not support this theory combination, as its CDCL(𝒯) and MCSat components do not interact. In this work, we address this limitation by extending the MCSat component of Yices2 with array reasoning.

The contributions of this paper are: 1) we describe how to integrate array reasoning in an MCSatbased SMT solver using the concept of weak equivalence graph [16]; 2) we describe the implementation of that integration in Yices2 -the source is publicly available on GitHub 1 ; 3) we experimentally evaluate our implementation on the array benchmarks from SMT-LIB and compare it against other SMT solvers.

Notation. We assume the standard many-sorted first-order logical setting with the usual notions of signature, term, formula, and interpretation. A theory is a pair 𝒯 = (Σ, I), where Σ is a signature and I is a class of Σ-interpretations that are the models of 𝒯. A Σ-formula 𝜑 is satisfiable (resp., unsatisfiable) in 𝒯 if it is satisfied by some (resp., no) interpretation in I.

Theory of Arrays.

Let 𝒯 𝐴 be the standard theory of arrays [17] with extensionality. We assume sorts for arrays, indices, and elements, and function symbols read and write. Here and rest of the paper, we use 𝑎 and 𝑏 to refer to arrays, 𝑖 and 𝑗 to refer to array indices, and 𝑒 to refer to array elements. The theory contains the class of all interpretations satisfying the following axioms: ∀𝑎, 𝑖, 𝑗, 𝑒. 𝑖 = 𝑗 ⟹ read(write(a, j, e), i) = 𝑒 (idx)

∀𝑎, 𝑖, 𝑗, 𝑒. 𝑖 ≠ 𝑗 ⟹ read(write(a, j, e), i) = read(a, i) (read-over-write)

∀𝑎, 𝑏. (∀𝑖. read(a, i) = read(b, i)) ⟹ 𝑎 = 𝑏 (ext)

Related Work. The theory of arrays has been a significant focus in the development of SMT solvers since their early days. Two main approaches have been utilized to decide the theory of arrays: rewritingbased and instantiation-based techniques.

Rewriting-based techniques address the problem using rewrite rules with a specific ordering to ensure completeness. Some notable work in this category can be found in [18,19].

On the other hand, instantiation-based techniques involve adding instantiations of array axioms, typically done lazily under certain conditions to minimize the number of instantiations. Most CDCL(𝒯)based SMT solvers, such as proposed in [20,21,22,23], utilize instantiation-based approaches.

One specific instantiation-based approach is the weakly equivalent arrays method, as implemented in the CDCL(𝒯)-based SMT solver SMTInterpol [16,24], as well as in the CDCL(𝒯) solver in Yices2. 2 Our work leverages weakly equivalent arrays reasoning, integrating it into an MCSat-based SMT solver.

Weakly Equivalent Arrays

Our approach uses the weakly equivalent arrays decision procedure proposed by [16], which we briefly describe here. The procedure exploits the use of chains of write function applications by introducing the notion of weak equivalence: two arrays connected via a chain of write function application can differ only at finitely many indices. This essentially generalizes the read-over-write axiom to reason about a chain of write applications. The lemmas produced from that reasoning have the advantage of using small number of new terms. In fact, we can compute the set of terms that would appear in those lemmas by scanning the input formula. Note that the finiteness of that set of terms used for generating all lemmas is a key requirement for termination, making MCSat a decision procedure.

Let 𝜙 be the input formula whose satisfiability is under question and 𝒜 be the set of array terms in 𝜙.

𝑎 ≅ 𝑖 𝑏 ∶= 𝑎 ≈ 𝑖 𝑏 ∨ (∃𝑎 ′ 𝑏 ′ 𝑗𝑘.𝑎 ≈ 𝑖 𝑎 ′ ∧ 𝑖 ∼ 𝑉 𝑗 ∧ read(a ′ , j) ∼ 𝑉 read(b ′ , k) ∧ 𝑘 ∼ 𝑉 𝑖 ∧ 𝑏 ′ ≈ 𝑖 𝑏)

Lemma 2. Weakeq-ext: Given an equivalence relation ∼ 𝑉 , if array terms 𝑎 and 𝑏 connected via a path 𝑃 in 𝐺 𝑊 and for all indices 𝑖 ∈ 𝐼 𝑛𝑑𝑖𝑐𝑒𝑠(𝑃) we have 𝑎 ≅ 𝑖 𝑏, then 𝑎 ∼ 𝑉 𝑏 holds.

To produce the full explanation, we need to add equality constraints of the path involved in readover-weakeq and weakeq-ext. Definition 6. Let 𝐶𝑜𝑛𝑑(⋅) (resp. 𝐶𝑜𝑛𝑑 𝑖 (⋅)) be the function that takes as input a path 𝑃 in the weak equivalence graph and computes a condition under which a weak equivalent or weak congruence holds (resp. weak equivalence modulo 𝑖 holds), defined by induction on 𝑃 as follows:

𝐶𝑜𝑛𝑑(∅) ∶= 𝑡𝑟𝑢𝑒 𝐶𝑜𝑛𝑑 𝑖 (∅) ∶= 𝑡𝑟𝑢𝑒 𝐶𝑜𝑛𝑑((𝑎 ↔ 𝑏) ⋅ 𝑃) ∶= (𝑎 = 𝑏) ∧ 𝐶𝑜𝑛𝑑(𝑃) 𝐶𝑜𝑛𝑑 𝑖 ((𝑎 ↔ 𝑏) ⋅ 𝑃) ∶= (𝑎 = 𝑏) ∧ 𝐶𝑜𝑛𝑑 𝑖 (𝑃) 𝐶𝑜𝑛𝑑((𝑎 𝑗 ↔ 𝑏) ⋅ 𝑃) ∶= 𝐶𝑜𝑛𝑑(𝑃) 𝐶𝑜𝑛𝑑 𝑖 ((𝑎 𝑗 ↔ 𝑏) ⋅ 𝑃) ∶= (𝑖 ≠ 𝑗) ∧ 𝐶𝑜𝑛𝑑 𝑖 (𝑃) 𝐶𝑜𝑛𝑑(𝑎 ≈ 𝑖 𝑏) ∶= 𝐶𝑜𝑛𝑑 𝑖 (𝑃)

, where 𝑃 is a path between 𝑎 and 𝑏, and

∀𝑗 ∈ 𝐼 𝑛𝑑𝑖𝑐𝑒𝑠(𝑃).𝑖 ≁ 𝑉 𝑗 𝐶𝑜𝑛𝑑(𝑎 ≅ 𝑖 𝑏) ∶= ⎧ ⎪ ⎨ ⎪ ⎩ 𝐶𝑜𝑛𝑑(𝑎 ≈ 𝑖 𝑏) if 𝑎 ≈ 𝑖 𝑏 𝐶𝑜𝑛𝑑(𝑎 ≈ 𝑖 𝑎 ′ ) ∧ 𝑖 = 𝑗 ∧read(a ′ , j) = read(b ′ , k) ∧𝑘 = 𝑖 ∧ 𝐶𝑜𝑛𝑑(𝑏 ′ ≈ 𝑖 𝑏) if 𝑎 ≈ 𝑖 𝑎 ′ ∧ 𝑖 ∼ 𝑉 𝑗 ∧read(a ′ , j) ∼ 𝑉 read(b ′ , k) ∧𝑘 ∼ 𝑉 𝑖 ∧ 𝑏 ′ ≈ 𝑖 𝑏 Algorithm 1: check-read-over-write-conflict(𝐺 𝑊 , 𝑉, ∼ 𝑉 ) for 𝑎, 𝑏, 𝑖, 𝑗 ∈ 𝑉 such that read(a, i), read(b, j) ∈ 𝑉 do if 𝑎 ≈ 𝑖 𝑏 ∧ 𝑖 ∼ 𝑉 𝑗 ∧ read(a, i) ≁ 𝑉 read(b, j) then return 𝑖 = 𝑗 ∧ 𝐶𝑜𝑛𝑑(𝑎 ≈ 𝑖 𝑏) ∧ read(a, i) ≠ read(b, j); end return NULL;

The algorithm 3 presents a decision procedure based on weakly equivalent arrays reasoning for the extensional theory of arrays. The procedure is sound and complete [16] for the theory.

MCSat Overview

MCSat applies CDCL-like mechanisms to perform theory reasoning. (Figure 1 illustrates the high level flow of the MCSat framework.) The MCSat architecture consists of a core solver, an assingment trail, and reasoning plugins. The core solver explicitly and incrementally constructs models with firstorder variable assignments-maintained in the assignment trail-while maintaining the invariant that none of the constraints evaluate to false. It is also responsible for dispatching notifications (e.g. new term notification) and handling requests from the reasoning plugins. The core solver decides upon assignments (values provided by reasoning plugins) when there is choice, it can propagate them when there is not, and it backtracks upon conflict. One of its key roles is to perform conflict analysis when a reasoning plugin detects a conflicting state. The lemmas learned via conflict analysis are based on theory-specific explanations, provided by reasoning plugins, of conflicts and propagations.

When formulas are asserted in MCSat, the core solver notifies all plugins of the asserted formulas. The reasoning plugins analyze the formulas and report all relevant terms back to the core. Relevant terms include theory variables and Boolean terms (excluding negations). When computing the value of a compound Boolean term or its negation, relevant terms are the term itself and its closest sub-terms needed for value computation.

The trail is a key data structure in MCSat, holding relevant term assignments for easy retrieval of the satisfying assignment upon termination of the MCSat search. The trail functions as a partial model constructed by MCSat during the search process, allowing for term evaluation based on the model values of their relevant subterms. A term 𝑡 can be evaluated (or is evaluable) in the trail 𝑀 if 𝑡 has an assignment in 𝑀, or if all closest relevant sub-terms of 𝑡 have been assigned in 𝑀. Evaluation-consistency is maintained in the trail, ensuring that no term evaluates to different values within it.

The role of reasoning plugins is to provide assignments for decisions, perform propagations, detect conflicts, and produce explanations. So, to implement a new theory in the MCSat framework, we need a reasoning plugin for that theory that must support in decision-making, propagation (including conflict detection), and explanation generation for propagated terms. Moreover, to ensure termination, there is the finite-basis requirement on plugins, i.e. any literals introduced by plugins come from a finite set of literals.

MCSat Equality and Uninterpreted Functions Plugin

The Equality and Uninterpreted Function (EUF) MCSat-Plugin provides equality reasoning over the uninterpreted sorts and uninterpreted function. The equality reasoning is done by tracking terms of uninterpreted sorts and uninterpreted functions and their trail values in an E-graph [25,26,27] EUF plugin updates the E-graph when new assignments are made in the trail to the tracked terms. This extended E-graph ensures: 1) If an equivalence class contains an evaluable term 𝑐, then the representative of that class is evaluable; 2) Two evaluable terms 𝑐 1 and 𝑐 2 in the same equivalence class must evaluate to the same value, otherwise this is a source of conflict. The conflict is reported to the core MCSat solver as a set of equalities and disequalities that contributed to the conflict. Propagation and Explanation. The EUF plugin propagates model values of uninterpreted sort terms when two class nodes get merged and one of them is not evaluable. In our implementation we also track equalities between Boolean terms in the E-graph. This allows the EUF plugin to propagate Boolean terms based on equivalence classes. The explanations of these propagations are tracked (or lazily produced), and are provided to the core solver when the propagated terms appear in a conflict when doing conflict analysis and lemma learning. We satisfy the finite-basis requirement because the EUF plugin only "introduces" equalities (disequalities) between terms that already exist in the trail.

Decision Assignment. The EUF plugin is also responsible for providing assignment values for variables and function applications of uninterpreted sorts. A value to uninterpreted sort term is essentially an integer identifier that the MCSat partial model keeps track of. The EUF plugin maintains a set of infeasible values for each term to be decided (terms that EUF is responsible to provide assignment for).

Extending MCSat-EUF Plugin with Arrays Reasoning

To be able to do model-based arrays reasoning in MCSat, we extend the EUF plugin with: i) tracking of relevant array terms, ii) array propagation and explanation, iii) array conflict detection, and iv) array decision assignment.

Relevant Array Terms. The extended EUF plugin tracks array terms, in addition to uninterpreted function terms, as relevant terms when the core solver notifies it about new terms. Array terms include array variables, array write terms, and array read terms. 3 The set of relevant terms returned to the core solver may also include terms not present in the term notified by the core solver. These additional terms are array read terms and indices, as defined by the set 𝑉 (1) in Section 2.

Example 1. Let read(a, i), write(b, j, e) be the new terms notified by the core solver to the extended EUF 3 Array reads in Yices2 are uninterpreted function applications, so there was no need to extend the EUF plugin for those terms.

plugin. The relevant array terms set, in this case, is {write(b, j, e), 𝑎, 𝑏} ∪ {read(write(b, j, e), j), read(b, j), 𝑗, 𝑒} ∪ {read(a, i), 𝑖}.

The main purpose of adding these additional terms is to prompt the MCSat core solver to make decisions on these terms, resulting in assignments to these terms in the trail. This allows us to detect array theory conflicts, for such a trail with assignments, using weakly equivalent arrays reasoning. It is important to note that we are able to satisfy the finite-basis requirement of the extended plugin as weakly equivalent arrays reasoning only uses the tracked terms in the generated arrays lemmas.

Propagation and Explanation.

For propagation, we rely on the existing EUF propagation mechanism that propagates model values of terms that are unassigned in the MCSat trail. This covers the read terms and array terms that are evaluable in the E-graph but are not assigned in the MCSat trail. Therefore, the explanation procedure of the existing EUF plugin can be used to explain array term propagations.

Example 2. Let 𝑀 ∶= {read(a, i) ↦ 𝛼 1 , 𝑎 ↦ 𝛼 2 } be an assignment in the solver trail. Suppose the extended EUF plugin deduces, using the E-graph, that the array term 𝑏 is equal to 𝑎 and read(b, j) is equal to read(a, i) -note that 𝑏 and read(b, j) do not have assignments in the trail. The plugin returns the assignment values {𝑏 ↦ 𝛼 2 , read(b, j) ↦ 𝛼 1 } as propagations to the core solver, which adds these assignments to the solver trail.

Array Conflict detection via Weak-Equivalence Graph.

To check that the equivalence relation (assignment in the trail and E-graph) satisfies the array theory axioms, we can build the weak equivalence graph for every term in 𝑉 that has an assignment in the trail. First, we check the (idx) lemma. If violated, we report its negation as a conflict. Otherwise, we check for generalized read-over-write axiom violation using Algorithm 1. We report the conflict detected by the algorithm. Otherwise, we check for generalized extensionality axiom violation using Algorithm 2. Similarly, we report the conflict detected by the algorithm. If no conflicts are detected, then the current MCSat trail satisfies the arrays axioms.

Array Decision Assignment.

We use a simple mechanism to make decisions for array variables and array writes. We choose different values for different array terms when making decisions. If two array terms get merged they get equal values via propagation.

Implementation Details

We have implemented our approach in the MCSat solver of Yices2 [28]. The MCSat implementation in Yices2 already supports real/integer arithmetic [29], bitvectors [30,27], and uninterpreted functions [27].

Here we provide some important details of our implementation.

Eager Lemma Instantiation. When the core solver notifies the EUF plugin about new write terms, we eagerly instantiate the (idx) axiom for each write and assert the resulting lemma to the solver by adding it to the clause database.

Relevant Array Terms Set. As described in [16], we also optimize our implementation by using a smaller relevant array terms set 𝑉. If the element theory is stably infinite, we do not need to add read(a, i) for every write (a, i, e). This optimization has the potential to reduce the number of read terms in 𝑉, resulting in less work for both Algorithm 1 and Algorithm 2. Weak Equivalence Graph Data Structure and Conflict Detection. We utilize the data structure proposed in [16] to store the weak equivalence graph. Every vertex in the graph corresponds to an array term, and an edge represents a write operation between the two vertices -the direction can inverted during the construction of the graph. This data structure offers an efficient way to detect if two arrays are weakly equivalent (as well as modulo i equivalent). For further details, we recommend referring to Section 7 in [16]. The reasoning for weakly equivalent arrays, as presented earlier, assumes that we have a model that satisfies the EUF axioms. It is important to note that the MCSat model is built incrementally as the search progresses, unlike in CDCL(𝒯) where the model is built after the reasoning is complete. Therefore, we do not wait till we have a full model that is consistent with the EUF axioms. Instead, we construct the weak equivalence graph as soon as we have a model value for each term in the set 𝑉 (see (1)). This allows to detect array conflicts earlier than the approach where we wait until the EUF model is complete.

Experimental Evaluation

Solvers and Benchmarks. We refer to the implementation of our proposed approach in Yices2 as Yices2-MCSat-we have used the git commit #17369e6. To evaluate its performance, we have done experiments on various quantifier-free logic benchmarks containing arrays from the SMT-LIB [31] release 2023 [32], including QF_AX, QF_ABV, QF_AUFBV, QF_ALIA, QF_AUFLIA, QF_ANIA, and QF_AUFNIA. We have evaluated the different optimizations of our implementation on the QF_AX benchmarks. Moreover, we have compared the optimized version against cvc5 [13] (version 2024-03-25-a40d28f), MathSAT5 [33] (version 5.6.10), and Z3 [14] (version 4.13.0). Yices2 (git commit #17369e6) and Bitwuzla [34] (version 0.4.0) have been also included in the experiments for the supported logics.

Experimental Setup. The experiments were conducted on a 96-core AMD-CPU server running Ubuntu 20.04.6 LTS. We used a time limit of 3 minutes and a memory limit of 8 GB for each benchmark solved by the solvers.

The results are presented in tables 1 to 5. Each table provides information on the logic category, total number of benchmarks in the top row. The solved column shows the number of solved instances, the sat/unsat column shows the number of solved satisfiable/unsatisfiable instances, the time column shows the total solving time for each solver. The aggregated results are also presented in Figure 2, showing cactus plots of different logics. 1 displays the results of evaluating various options of our implementation on the arrays (QF_AX) benchmarks.

Evaluation of Optimizations. Table

The default option, Yices2-MCSat, incorporates all optimizations outlined in Section 4.1. These optimizations include: a) utilizing a smaller relevant array term set, b) eagerly adding the (idx) lemma when the core solver detects a write to the EUF plugin, and c) checking for array conflicts when all relevant array terms have been assigned a value in the trail. Yices-MCSat-no-opt-a and Yices-MCSat-noopt-b refer to versions without optimization a and optimization b, respectively. Yices-MCSat-no-c-1 and Yices-MCSat-no-c-2 are versions without optimization c, with the former checking for array conflicts (early check) whenever the E-graph does not identify a conflict, and the latter checking for array conflicts (late check) when each term in the E-graph has an assignment in the trail. The results clearly indicate the significance of all optimizations, with optimization a standing out as the most critical. Additionally, we were able to replicate the impact of optimization a, as proposed in [16].

Comparison Againts Other SMT solvers. In Table 2, results for the arrays (QF_AX) benchmarks are shown. Yices2-MCSat solves all the benchmarks and performs competitively with other solvers, even solving more benchmarks than cvc5. Table 3 displays results for the arrays with nonlinear arithmetic (QF_ANIA and QF_AUFNIA) benchmarks. In this category, Yices2-MCSat demonstrates its strength by solving the highest number of benchmarks compared to other solvers, with a couple of benchmarks lead over MathSAT5. 4 We can notice the complementarity of the various approaches in Figure 2b.

For the arrays with linear arithmetic (QF_ALIA and QF_AUFLIA) benchmarks in Table 4, Yices2-MCSat competes closely with cvc5 and Z3, although it falls behind MathSAT5 and Yices2 in terms of the number of benchmarks solved. The longer solving time for Yices2-MCSat in this category may be due to its use of CAD-based [35] nonlinear reasoning engine even for linear problems.

Table 5 presents the results for the arrays with bitvectors (QF_ABV and QF_AUFBV) benchmarks. Yices2-MCAST's performance is better than cvc5 but not on par with other solvers. Yices2-MCSat uses word-level model-based reasoning for bitvector constraints, which is less efficient than the bit-blasting approach used by the other solvers on SMT-LIB bitvector benchmarks containing bitwise operations. This difference in approach may explain Yices2-MCSat's performance on these benchmarks.

Conclusion and Future Work

We have presented a new MCSat-based solver for the extensional theory of arrays. The array decision procedure at its core incorporates EUF and weakly equivalent arrays reasoning. By using the weakly equivalent arrays reasoning, we meet the finite-basis requirement of the MCSat framework. Our approach has been implemented in the Yices2 SMT solver, enabling it to tackle array problems involving nonlinear arithmetic. The performance of this new solver is competitive with the current state of the art and excels in handling array problems with nonlinear arithmetic constraints. Our future plans include expanding the implementation to include constant arrays and the diff function [19,36], which will allow us to experiment with generating quantifier-free array interpolants using the model-based interpolation procedure [11] in Yices2-MCSat. Ultimately, we aim to use this to model-check array-based transition systems [37,38] in the Sally [39,40] model-checker.

Figure 2 :2Figure 2: Cactus Plots of solvers performance on differnt benchmarks: a) Arrays-only, b) Arrays + Nonlinear Arithmetic, c) Arrays + Linear Arithmetic, d) Arrays + Bitvector.

A weak equivalence graph 𝐺 𝑊 is an undirected graph where the vertices are the array terms 𝒜 and the edges are either unlabelled or labelled with the indices used in the write function application, defined as follows: 1) there is an unlabelled edge 𝑎 ↔ 𝑏 if 𝑎 ∼ 𝑉 𝑏, and 2) there is a labelled edge 𝑎 𝑖 ↔ 𝑏 if either 𝑎 is of the form write(b, i, ⋅) or 𝑏 is of the form write(a, i, ⋅). Given a path 𝑃 in 𝐺 𝑊 , let 𝐼 𝑛𝑑𝑖𝑐𝑒𝑠(𝑃) be the set of indices appearing on the labelled edges in 𝑃. Two array terms 𝑎 and 𝑏 are called weakly equivalent if there exists a path 𝑃 between nodes 𝑎 and 𝑏 in 𝐺 𝑊 . Two arrays 𝑎 and 𝑏 are called weakly equivalent modulo 𝑖, denoted by 𝑎 ≈ 𝑖 𝑏, if and only if they are connected by a path that does not contain an edge Read-over-weakeq: Given an equivalence relation ∼ 𝑉 , read(a, i) and read(b, j) from 𝑉, if 𝑖 ∼ 𝑉 𝑗 and 𝑎 ≈ 𝑖 𝑏 then read(a, i) ∼ 𝑉 read(b, j) holds. Given an equivalence relation ∼ 𝑉 , array terms 𝑎 and 𝑏 are weakly congruent modulo 𝑖, denoted by 𝑎 ≅ 𝑖 𝑏, if and only if they have the same value at index 𝑖.Definition 2. Definition 3. Definition 4. Definition 5.Definition 1. The set of tracked terms 𝑉 is defined as:𝑉 = 𝒜 ∪ {read(a, i), read(write(a, i, e), i), 𝑖, 𝑒 | write(a, i, e) ∈ 𝒜 } ∪ {read(a, i), 𝑖 | read(a, i) ∈ 𝜙}(1)Let ∼ 𝑉 ⊆ 𝑉 × 𝑉 be an equivalence relation on the set 𝑉.

𝑗↔ where 𝑗 ∼ 𝑉 𝑖. Lemma 1.

Algorithm 2 :2check-ext-conflict(𝐺 𝑊 , 𝑉, ∼ 𝑉 ) for 𝑎, 𝑏 ∈ 𝑉 such that 𝑎 ≁ 𝑉 𝑏 do if there is a path 𝑃 between 𝑎 and 𝑏 such that ∀𝑖 ∈ 𝐼 𝑛𝑑𝑖𝑐𝑒𝑠(𝑃).𝑎 ≅ 𝑖 𝑏 then return 𝐶𝑜𝑛𝑑(𝑃) ∧ ⋀ 𝑖∈𝐼 𝑛𝑑𝑖𝑐𝑒𝑠(𝑃) 𝐶𝑜𝑛𝑑(𝑎 ≅ 𝑖 𝑏) ∧ 𝑎 ≠ 𝑏; Algorithm 3: arrays-check(𝐺 𝑊 , 𝑉, ∼ 𝑉 ) 𝑐𝑜𝑛𝑓 𝑙𝑖𝑐𝑡 := check-idx-conflict(𝐺 𝑊 , 𝑉, ∼ 𝑉 ); ; /* check for idx-lemma conflicts */ if conflict = NULL then 𝑐𝑜𝑛𝑓 𝑙𝑖𝑐𝑡 := check-read-over-write-conflict(𝐺 𝑊 , 𝑉, ∼ 𝑉 ); if conflict = NULL then 𝑐𝑜𝑛𝑓 𝑙𝑖𝑐𝑡 := check-ext-conflict(𝐺 𝑊 , 𝑉, ∼ 𝑉 ); if conflict = NULL then return (SAT, NULL); return (UNSAT, 𝑐𝑜𝑛𝑓 𝑙𝑖𝑐𝑡);endreturn NULL;

. The The MCSat framework consists of the following steps: 1) Propagate the trail. 2) If a conflict is found during propagation, check if there is any decision to backtrack over. If not, return UNSAT. Otherwise, explain the conflict using a lemma, backtrack the trail, and repeat step 1. 3) If no conflict is found during propagation, decide on a variable that is not on the trail. If there is nothing left to decide, return SAT. Otherwise, add the decided variable to the trail and repeat step 1.Explain &UNSATBacktrackConflictLemmaPropagateTheory VariableAssignmentNoConflictDecideSAT

ψ Figure 1:

Table 1 Different1Yices2-MCSat Options ResultsQF_AX (551)Solversolved sat/unsattimeYices2-MCSat551272/279177.96Yices2-MCSat-no-opt-a551272/279 1244.93Yices2-MCSat-no-opt-b550272/278276.51Yices2-MCSat-no-opt-c-1550272/278703.94Yices2-MCSat-no-opt-c-2551272/279228.47

Table 22Arrays Benchmarks ResultsQF_AX (551)Solversolved sat/unsattimecvc5545272/273 296.29MathSAT5551272/27920.49Yices2551272/2794.01Yices2-MCSat551272/279 177.96Z3551272/27928.12Table 3Arrays + Nonlinear Arithmetic Benchmarks ResultsQF_ANIA (155)QF_AUFNIA (17)Solversolved sat/unsattime solved sat/unsat timecvc59889/9455.5663/3 22.95MathSAT5123116/7340.79175/124.75Yices2-MCSat125111/14 3406.64175/127.52Z38569/16981.06175/12 29.05Table 4Arrays + Linear Arithmetic Benchmarks ResultsQF_ALIA (176)QF_AUFLIA (1303)Solversolved sat/unsattime solved sat/unsattimecvc59122/69635.241286542/744 609.52MathSAT516088/7289.081300543/757 177.57Yices216088/72123.381303543/76029.69Yices2-MCSat13767/70 2046.331261547/714 781.05Z314473/71 1555.191303543/76020.62Table 5Arrays + Bit-vector Benchmarks ResultsQF_ABV (15147)QF_AUFBV (67)Solversolvedsat/unsattime solved sat/unsattimeBitwuzla14695 10339/43564751.645214/38 304.20cvc5137319274/4456 10926.104111/30 355.15MathSAT514902 10321/4580 14205.004111/3031.11Yices215018 10414/4604 10206.005114/37 345.36Yices2-MCSat 14285 10242/4042 12932.504014/26 839.69Z314827 10259/45689092.974511/34 733.71

Yices2 implements a similar approach to[16]. We are not reporting Yices2 (CDCL(𝒯)) results here because it does not support nonlinear arithmetic.

Acknowledgments. We would like to thank Jochen Hoenicke for fruitful discussions about the weakly equivalent arrays that helped us in implementing the reasoning procedure in Yices2. This material is based upon work supported by NSF with award CCF-1816936. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the US Government or NSF.

Abstraction refinement of linear programs with arrays AArmando MBenerecetti JMantovani Tools and Algorithms for the Construction and Analysis of Systems: 13th International Conference

Portugal

Springer March 24-April 1, 2007. 2007 Proceedings 13 Dafny: An automatic program verifier for functional correctness KR MLeino International conference on logic for programming artificial intelligence and reasoning Springer 2010 ACimatti AGriggio STonetta arXiv:2109.12821 The VMT-LIB language and tools 2021 arXiv preprint The SeaHorn verification framework AGurfinkel TKahsai AKomuravelli JANavas International Conference on Computer Aided Verification Springer 2015 Kratos2: An SMT-based model checker for imperative programs AGriggio MJonás CAV 13966 3 2023 Springer Verilog2SMV: A tool for word-level verification AIrfan ACimatti AGriggio MRoveri RSebastiani DATE, IEEE 2016 ANiemetz MPreiner CWolf ABiere Btor2 , BtorMC and Boolector Lecture Notes in Computer Science Springer 2018 3 MoXI: An intermediate language for symbolic model checking KYRozier RDureja AIrfan CJohannsen KNukala NShankar CTinelli MYVardi Proceedings of the 30th International Symposium on Model Checking Software (SPIN) the 30th International Symposium on Model Checking Software (SPIN) Springer April 2024 ???? Solving SAT and SAT modulo theories: From an abstract Davis-Putnam-Logemann-Loveland procedure to DPLL(T ) RNieuwenhuis AOliveras CTinelli J. ACM 53 2006 A model-constructing satisfiability calculus LMDe Moura DJovanovic VMCAI Lecture Notes in Computer Science Springer 2013 7737 Interpolation and model checking for nonlinear arithmetic DJovanovic BDutertre CAV 12760 2 2021 Springer QSMA: A new algorithm for quantified satisfiability modulo theory and assignment MPBonacina SGraham-Lengrand CVauthier 10.1007/978-3-031-38499-8_5 doi: Automated Deduction -CADE 29 -29th International Conference on Automated Deduction Lecture Notes in Computer Science BPientka CTinelli

Rome, Italy

Springer July 1-4, 2023. 2023 14132 Proceedings cvc5: A versatile and industrial-strength SMT solver HBarbosa CWBarrett MBrain GKremer HLachnitt MMann AMohamed MMohamed ANiemetz ANötzli AOzdemir MPreiner AReynolds YSheng CTinelli YZohar TACAS 13243 1 2022 Springer Z3: an efficient SMT solver LMDe Moura NSBjørner TACAS Lecture Notes in Computer Science Springer 2008 4963 Simplification by cooperating decision procedures GNelson DCOppen ACM Trans. Prog. Lang. Syst 1 1979 Weakly equivalent arrays JChrist JHoenicke Lecture Notes in Computer Science FroCos 9322. 2015 Springer Towards a mathematical science of computation JMccarthy IFIP Congress

North-Holland

1962 New results on rewrite-based satisfiability procedures AArmando MPBonacina SRanise SSchulz ACM Trans. Comput. Log 10 51 2009 Quantifier-free interpolation of a theory of arrays RBruttomesso SGhilardi SRanise Log. Methods Comput. Sci 8 2012 A decision procedure for an extensional theory of arrays AStump CWBarrett DLDill JRLevitt LICS, IEEE Computer Society 2001 Deciding array formulas with frugal axiom instantiation AGoel SKrstić AFuchs Proceedings of the Joint Workshops of the 6th International Workshop on Satisfiability Modulo Theories and 1st International Workshop on Bit-Precise Reasoning the Joint Workshops of the 6th International Workshop on Satisfiability Modulo Theories and 1st International Workshop on Bit-Precise Reasoning 2008 Lemmas on demand for the extensional theory of arrays RBrummayer ABiere J. Satisf. Boolean Model. Comput 6 2009 Generalized, efficient array decision procedures LMDe Moura NSBjørner FMCAD, IEEE 2009 Smtinterpol: An interpolating SMT solver JChrist JHoenicke ANutz Lecture Notes in Computer Science SPIN 7385 2012 Springer Simplify: a theorem prover for program checking DDetlefs GNelson JBSaxe J. ACM 52 2005 Proof-producing congruence closure RNieuwenhuis AOliveras Lecture Notes in Computer Science RTA 3467 2005 Springer Solving bitvectors with MCSAT: explanations from bits and pieces SGraham-Lengrand DJovanovic BDutertre IJCAR (1 Lecture Notes in Computer Science Springer 2020 12166 <author> <persName><forename type="first">B</forename><surname>Dutertre</surname></persName> </author> </analytic> <monogr> <title level="j">Yices 2 2014 Springer Solving nonlinear integer arithmetic with MCSAT DJovanovic VMCAI Lecture Notes in Computer Science Springer 2017 10145 An MCSAT treatment of bit-vectors SGraham-Lengrand DJovanovic WS.org SMT CEUR Workshop Proceedings 2017 1889 CBarrett PFontaine CTinelli The Satisfiability Modulo Theories Library (SMT-LIB) SMT-LIB 2016 MPreiner H.-JSchurr CBarrett PFontaine ANiemetz CTinelli 10.5281/zenodo.10607722 SMT-LIB release 2023 (non-incremental benchmarks 2024 The MathSAT5 SMT solver ACimatti AGriggio BJSchaafsma RSebastiani TACAS 7795 2013 Springer Bitwuzla ANiemetz MPreiner CAV (2) Lecture Notes in Computer Science Springer 2023 13965 Quantifier elimination for real closed fields by cylindrical algebraic decomposition: a synopsis GECollins SIGSAM Bull 10 1976 TSchindler SMT solving, interpolation, and quantifiers 2022. 2022 Universität Freiburg Dissertation MCMT: A Model Checker Modulo Theories SGhilardi SRanise IJCAR Lecture Notes in Computer Science Springer 2010 6173 Counterexample-guided prophecy for model checking modulo the theory of arrays MMann AIrfan AGriggio OPadon CWBarrett Log. Methods Comput. Sci 18 2022 Verification of fault-tolerant protocols with Sally BDutertre DJovanovic JANavas Lecture Notes in Computer Science NFM 10811 2018 Springer Property-directed k-induction DJovanovic BDutertre FMCAD, IEEE 2016